# Increasing caching
#
# Cache tuning for a local Unbound resolver: larger caches, a raised minimum
# TTL, prefetching, and RFC 8767 serve-stale behaviour.
#
# This has the potential to increase memory usage to 110m under heavy usage
# (50m + 50m + 10m, the sum of the three cache sizes below), but I find that
# unlikely as almost everything is using such short TTLs.
# See also MEMORY CONTROL EXAMPLE in man unbound.conf
# NOTE(review): the sizes bound cache contents, not the process footprint;
# allocator overhead comes on top. Unbound's tuning guidance also suggests
# an rrset cache of roughly twice the message cache - confirm against the
# man page of the installed version.

server:
    # bytes in message cache, defaults to 4m
    msg-cache-size: 50m
    # bytes in rrset cache, defaults to 4m
    rrset-cache-size: 50m
    # nxdomain cache, default 1m
    neg-cache-size: 10m

    # Raises the TTL of cached records to 900 seconds (15 minutes) if
    # upstream has a lower one. I have been using this since August 2019
    # without issues.
    #cache-min-ttl: 900
    # https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/
    # dares to set the minimum cache TTL to something between 40 and 60
    # minutes, so how about 50 minutes? However it predates RFC 8767.
    #cache-min-ttl: 3000
    # Why not just make it an hour directly, since that is considered the
    # maximum reasonable-ish value?
    #
    # Security/operations caveat: this overrides the TTL chosen by the zone
    # owner. Any cached answer, including a wrong, withdrawn or poisoned
    # one, stays in the cache for at least an hour, and short-TTL failover
    # or emergency record changes are not seen until it ages out.
    # `man unbound.conf` warns that higher values, especially more than an
    # hour or so, can lead to trouble. Flush affected names by hand
    # (unbound-control flush <name>) when a record must change sooner.
    cache-min-ttl: 3600

    # Update cache for popular items before they expire. ~10 % traffic
    # increase according to `man unbound.conf`
    prefetch: yes
    # Fetch keys when DS is encountered, lower latency for a bit higher
    # CPU use
    prefetch-key: yes

    # Allow expired results to be served if they are in cache. The cache
    # will get updated the next time.
    # Caveat: together with cache-min-ttl above, a record can be answered
    # long after its owner changed or removed it; clients receive data the
    # authoritative side no longer publishes.
    serve-expired: yes
    # Serve expired data up to one day (RFC 8767)
    serve-expired-ttl: 86400
    # If serving expired data to client, explicitly give it TTL 30 seconds
    # so downstream caches do not hold on to the stale answer for long.
    serve-expired-reply-ttl: 30
    # Serve expired data to client if there is no answer in 1.8 seconds as
    # per common timeout 2 seconds according to the RFC 8767
    #serve-expired-client-timeout: 1800
    # However my /etc/resolv.conf timeout is 1 second since all my
    # nameservers are localhost, so let's wait 0.8 seconds instead.
    # The value is in milliseconds. A non-zero value means a fresh
    # resolution is attempted first and the expired answer is only the
    # fallback.
    serve-expired-client-timeout: 800

    # Extended DNS Errors (RFC 8914): attach EDE codes to responses,
    # mainly for DNS and DNSSEC failures. ede-serve-expired additionally
    # marks answers served from expired cache data as "Stale Answer"
    # (code 3) and requires ede to be enabled. This keeps stale answers
    # distinguishable for clients and for troubleshooting.
    ede: yes
    ede-serve-expired: yes

# vim: filetype=unbound.conf